RSA Decryption: check private value after decryption #7167

SparkiDev · 2024-01-24T06:12:12Z

Description

After RSA decryption check d is still valid.

Fixes zd#17266

Testing

Ran tests with WOLFSSL_RSA_CHECK_D_ON_DECRYPT defined.
Benchmark difference was negligible.

Checklist

added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation

JacobBarthelmeh · 2024-01-24T18:19:08Z

wolfcrypt/src/rsa.c

@@ -2723,6 +2723,17 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY)
             ret = MP_TO_E;
    }
+#ifdef WOLFSSL_RSA_CHECK_D_ON_DECRYPT


Is this something that should be on be default and optionally turned off rather than off be default and optionally turned on?

Would it make sense to enable with WOLFSSL_CHECK_SIG_FAULTS?

WOLFSSL_CHECK_SIG_FAULTS is currently for signature and ECC.
This code is only for RSA decryption and not signing.
If there was a better generic 'check data after op' define, I would consider enabling it as part of that.

@SparkiDev should this be on by default and have a different macro name to disable it?

There are very limited circumstances that would require the checking of d.
It is unnecessary work that we should avoided if possible.

Let's merge as-is then document clearly those reasons

dgarske · 2024-01-26T18:38:01Z

wolfcrypt/src/rsa.c

@@ -2723,6 +2723,17 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY)
             ret = MP_TO_E;
    }
+#ifdef WOLFSSL_RSA_CHECK_D_ON_DECRYPT


Would it make sense to enable with WOLFSSL_CHECK_SIG_FAULTS?

dgarske · 2024-01-29T15:37:02Z

wolfcrypt/src/rsa.c

@@ -2723,6 +2723,17 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY)
             ret = MP_TO_E;
    }
+#ifdef WOLFSSL_RSA_CHECK_D_ON_DECRYPT


@SparkiDev should this be on by default and have a different macro name to disable it?

RSA Decryption: check private value after decryption

999f845

SparkiDev assigned SparkiDev and wolfSSL-Bot and unassigned SparkiDev Jan 24, 2024

liang-junkai approved these changes Jan 24, 2024

View reviewed changes

JacobBarthelmeh reviewed Jan 24, 2024

View reviewed changes

JacobBarthelmeh assigned SparkiDev and dgarske and unassigned wolfSSL-Bot and SparkiDev Jan 24, 2024

dgarske requested changes Jan 26, 2024

View reviewed changes

dgarske assigned SparkiDev and unassigned dgarske Jan 26, 2024

SparkiDev assigned wolfSSL-Bot, dgarske and JacobBarthelmeh and unassigned SparkiDev Jan 28, 2024

dgarske requested changes Jan 29, 2024

View reviewed changes

dgarske assigned SparkiDev and unassigned dgarske and JacobBarthelmeh Jan 29, 2024

dgarske approved these changes Jan 29, 2024

View reviewed changes

dgarske merged commit de4a6f9 into wolfSSL:master Jan 29, 2024
108 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RSA Decryption: check private value after decryption #7167

RSA Decryption: check private value after decryption #7167

SparkiDev commented Jan 24, 2024

JacobBarthelmeh Jan 24, 2024

dgarske Jan 26, 2024

SparkiDev Jan 28, 2024

dgarske Jan 29, 2024

SparkiDev Jan 29, 2024

dgarske Jan 29, 2024

dgarske Jan 26, 2024

dgarske Jan 29, 2024

RSA Decryption: check private value after decryption #7167

RSA Decryption: check private value after decryption #7167

Conversation

SparkiDev commented Jan 24, 2024

Description

Testing

Checklist

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment